def create(self, target_vm=None):
'''
@param: target_vm: ZstackTestVm(). Target_vm is important. It is for
eip testing. If target_vm is none, it means this eip is not attached
for any vm.
'''
self.eip = net_ops.create_eip(self.eip_creation_option)
vm_nic_uuid = self.eip_creation_option.get_vm_nic_uuid()
self.target_vm = target_vm
vip_uuid = self.eip_creation_option.get_vip_uuid()
self.vip = test_lib.lib_get_vip_by_uuid(vip_uuid)
if vm_nic_uuid:
self.state = eip_header.ATTACHED
else:
self.state = eip_header.DETACHED
super(ZstackTestEip, self).create()
def create(self, target_vm=None):
'''
@param: target_vm: ZstackTestVm(). Target_vm is important. It is for
eip testing. If target_vm is none, it means this eip is not attached
for any vm.
'''
self.eip = net_ops.create_eip(self.eip_creation_option)
vm_nic_uuid = self.eip_creation_option.get_vm_nic_uuid()
self.target_vm = target_vm
vip_uuid = self.eip_creation_option.get_vip_uuid()
self.vip = test_lib.lib_get_vip_by_uuid(vip_uuid)
if vm_nic_uuid:
self.state = eip_header.ATTACHED
else:
self.state = eip_header.DETACHED
super(ZstackTestEip, self).create()
def check(self):
super(zstack_vcenter_pf_vip_icmp_checker, self).check()
test_result = True
pf_rule = self.test_obj.get_port_forwarding()
vip_uuid = pf_rule.vipUuid
cond = res_ops.gen_query_conditions('uuid', '=', vip_uuid)
vipIp = res_ops.query_resource(res_ops.VIP, cond)[0].ip
vip_l3_uuid = test_lib.lib_get_vip_by_uuid(pf_rule.vipUuid).l3NetworkUuid
any_vr = test_lib.lib_find_vr_by_l3_uuid(vip_l3_uuid)[0]
try:
test_lib.lib_check_ping(any_vr, vipIp)
except:
test_util.test_logger("Catch exception: Port Forwarding [rule:] %s is not pingable from [vm:] %s " % (pf_rule.uuid, any_vr.uuid))
test_result = False
if test_result != self.exp_result:
return self.judge(test_result)
else:
test_util.test_logger("Port Forwarding [rule:] %s is pingable from [vm:] %s" % (pf_rule.uuid, any_vr.uuid))
return self.judge(test_result)
def check(self):
super(zstack_kvm_pf_vip_icmp_checker, self).check()
test_result = True
pf_rule = self.test_obj.get_port_forwarding()
vip_uuid = pf_rule.vipUuid
cond = res_ops.gen_query_conditions('uuid', '=', vip_uuid)
vipIp = res_ops.query_resource(res_ops.VIP, cond)[0].ip
vip_l3_uuid = test_lib.lib_get_vip_by_uuid(pf_rule.vipUuid).l3NetworkUuid
any_vr = test_lib.lib_find_vr_by_l3_uuid(vip_l3_uuid)[0]
try:
test_lib.lib_check_ping(any_vr, vipIp)
except:
test_util.test_logger("Catch exception: Port Forwarding [rule:] %s is not pingable from [vm:] %s " % (pf_rule.uuid, any_vr.uuid))
test_result = False
if test_result != self.exp_result:
return self.judge(test_result)
else:
test_util.test_logger("Port Forwarding [rule:] %s is pingable from [vm:] %s" % (pf_rule.uuid, any_vr.uuid))
return self.judge(test_result)
def check(self):
super(vip_used_for_checker, self).check()
test_result = True
vip_uuid = self.test_obj.get_vip().uuid
try:
vip_db = test_lib.lib_get_vip_by_uuid(vip_uuid)
except:
test_util.test_logger('Check Result: not find vip by [uuid:] %s '\
% vip_uuid)
return self.judge(False)
if vip_db and self.use_for in vip_db.useFor:
test_util.test_logger('Check Result: [vip:] %s is used for %s' \
% (vip_uuid, self.use_for))
return self.judge(True)
test_util.test_logger('Check Result: [vip:] %s is NOT used for %s' \
% (vip_uuid, self.use_for))
return self.judge(False)
def check(self):
super(vip_used_for_checker, self).check()
test_result = True
vip_uuid = self.test_obj.get_vip().uuid
try:
vip_db = test_lib.lib_get_vip_by_uuid(vip_uuid)
except:
test_util.test_logger('Check Result: not find vip by [uuid:] %s '\
% vip_uuid)
return self.judge(False)
if vip_db and vip_db.useFor == self.use_for:
test_util.test_logger('Check Result: [vip:] %s is used for %s' \
% (vip_uuid, self.use_for))
return self.judge(True)
test_util.test_logger('Check Result: [vip:] %s is NOT used for %s' \
% (vip_uuid, self.use_for))
return self.judge(False)
def check(self):
super(vip_used_for_checker, self).check()
test_result = True
vip_uuid = self.test_obj.get_vip().uuid
try:
vip_db = test_lib.lib_get_vip_by_uuid(vip_uuid)
except:
test_util.test_logger('Check Result: not find vip by [uuid:] %s '\
% vip_uuid)
return self.judge(False)
#Because of bug16125,these lines which are check vip.usefor is commented out temporary.
# if vip_db and self.use_for in vip_db.useFor and vip_db.useFor.count(self.use_for) == 1:
# test_util.test_logger('Check Result: [vip:] %s is used for %s' \
# % (vip_uuid, self.use_for))
# return self.judge(True)
# test_util.test_logger('Check Result: [vip:] %s is NOT used for %s' \
# % (vip_uuid, self.use_for))
# return self.judge(False)
return self.judge(True)
def test():
global mevoco1_ip
global mevoco2_ip
global ipsec1
global ipsec2
mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP']
mevoco2_ip = os.environ['secondZStackMnIp']
test_util.test_dsc('Create test vm in mevoco1')
vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1'))
test_obj_dict1.add_vm(vm1)
vm1.check()
vm_nic1 = vm1.get_vm().vmNics[0]
vm_nic1_uuid = vm_nic1.uuid
vm3 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1'))
test_obj_dict1.add_vm(vm3)
vm3.check()
vm_nic3 = vm3.get_vm().vmNics[0]
vm_nic3_uuid = vm_nic3.uuid
pri_l3_uuid1 = vm1.vm.vmNics[0].l3NetworkUuid
vr1 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid1)[0]
l3_uuid1 = test_lib.lib_find_vr_pub_nic(vr1).l3NetworkUuid
vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1)
vip1 = test_stub.create_vip('vip for multi-services', l3_uuid1)
vip_uuid = vip1.get_vip().uuid
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid1)
first_zstack_cidrs = res_ops.query_resource(
res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create test vm in mevoco2')
vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName'))
test_obj_dict2.add_vm(vm2)
vm2.check()
pri_l3_uuid2 = vm2.vm.vmNics[0].l3NetworkUuid
vr2 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0]
l3_uuid2 = test_lib.lib_find_vr_pub_nic(vr2).l3NetworkUuid
vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2)
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid2)
second_zstack_cidrs = res_ops.query_resource(
res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_dsc('Create PF in mevoco1')
l3_name = os.environ.get('l3NoVlanNetworkName1')
vr = test_stub.create_vr_vm(test_obj_dict1, l3_name)
l3_name = os.environ.get('l3VlanNetworkName4')
vr = test_stub.create_vr_vm(test_obj_dict1, l3_name)
vr_pub_ip = test_lib.lib_find_vr_pub_ip(vr)
pf_creation_opt1 = PfRule.generate_pf_rule_option(
vr_pub_ip,
protocol=inventory.TCP,
vip_target_rule=Port.rule4_ports,
private_target_rule=Port.rule4_ports,
vip_uuid=vip_uuid)
test_pf1 = zstack_pf_header.ZstackTestPortForwarding()
test_pf1.set_creation_option(pf_creation_opt1)
test_pf1.create()
vip1.attach_pf(test_pf1)
vip1.check()
test_pf1.attach(vm_nic1_uuid, vm1)
vip1.check()
test_util.test_dsc('Create LB in mevoco1')
lb = zstack_lb_header.ZstackTestLoadBalancer()
lb.create('create lb test', vip1.get_vip().uuid)
test_obj_dict1.add_load_balancer(lb)
vip1.attach_lb(lb)
lb_creation_option = test_lib.lib_create_lb_listener_option(lbl_port=222,
lbi_port=22)
lbl = lb.create_listener(lb_creation_option)
lbl.add_nics([vm_nic1_uuid, vm_nic3_uuid])
lb.check()
vip1.check()
test_util.test_dsc('Create ipsec in mevoco1')
ipsec1 = ipsec_ops.create_ipsec_connection('ipsec1', pri_l3_uuid1,
vip2.get_vip().ip, '123456',
vip1.get_vip().uuid,
[second_zstack_cidrs])
vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid)
assert "IPsec" in vip1_db.useFor
assert vip1_db.useFor.count("IPsec") == 1
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create ipsec in mevoco2')
ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2,
vip1.get_vip().ip, '123456',
vip2.get_vip().uuid,
[first_zstack_cidrs])
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip):
test_util.test_fail(
'vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' %
(mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip):
test_util.test_fail(
'vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' %
(mevoco2_ip, mevoco1_ip))
# delete ipsec
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
ipsec_ops.delete_ipsec_connection(ipsec1.uuid)
if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail(
'vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted'
% (mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail(
'vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted'
% (mevoco2_ip, mevoco1_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid)
assert "IPsec" not in vip1_db.useFor
# delete PF
test_pf1.delete()
vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid)
assert "PortForwarding" not in vip1_db.useFor
# delete LB
lb.delete()
vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid)
assert vip1_db.useFor is None
test_lib.lib_error_cleanup(test_obj_dict1)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
ipsec_ops.delete_ipsec_connection(ipsec2.uuid)
vip2.delete()
test_lib.lib_error_cleanup(test_obj_dict2)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
vip1.delete()
test_util.test_pass('Create multiple service with 1 snat IP Success')
def test():
global mevoco1_ip
global mevoco2_ip
global ipsec1
global ipsec2
global ipsec3
global ipsec4
mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP']
mevoco2_ip = os.environ['secondZStackMnIp']
test_util.test_dsc('Create test vm in mevoco1')
vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1'))
test_obj_dict1.add_vm(vm1)
vm1.check()
pri_l3_uuid1 = vm1.vm.vmNics[0].l3NetworkUuid
vr1 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid1)[0]
l3_uuid1 = test_lib.lib_find_vr_pub_nic(vr1).l3NetworkUuid
vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1)
vip1 = test_stub.get_snat_ip_as_vip(vr1_pub_ip)
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid1)
first_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create test vm in mevoco2')
vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName'))
test_obj_dict2.add_vm(vm2)
vm2.check()
pri_l3_uuid2 = vm2.vm.vmNics[0].l3NetworkUuid
vr2 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0]
l3_uuid2 = test_lib.lib_find_vr_pub_nic(vr2).l3NetworkUuid
vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2)
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid2)
second_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
test_util.test_dsc('Create test vm in mevoco2')
vm3 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName4'))
test_obj_dict2.add_vm(vm3)
vm3.check()
pri_l3_uuid3 = vm3.vm.vmNics[0].l3NetworkUuid
vr3 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0]
l3_uuid3 = test_lib.lib_find_vr_pub_nic(vr3).l3NetworkUuid
vip3 = test_stub.create_vip('ipsec3_vip', l3_uuid3)
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid3)
third_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_dsc('Create ipsec in mevoco1')
ipsec1 = ipsec_ops.create_ipsec_connection('ipsec1', pri_l3_uuid1, vip2.get_vip().ip, '123456', vip1.get_vip().uuid, [second_zstack_cidrs])
ipsec3 = ipsec_ops.create_ipsec_connection('ipsec3', pri_l3_uuid1, vip3.get_vip().ip, '123456', vip1.get_vip().uuid, [third_zstack_cidrs])
vip1_uuid = vip1.get_vip().uuid
vip1_db = test_lib.lib_get_vip_by_uuid(vip1_uuid)
assert "IPsec" in vip1_db.useFor
assert vip1_db.useFor.count("IPsec") == 1
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create ipsec in mevoco2')
ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2, vip1.get_vip().ip, '123456', vip2.get_vip().uuid, [first_zstack_cidrs])
ipsec4 = ipsec_ops.create_ipsec_connection('ipsec4', pri_l3_uuid3, vip1.get_vip().ip, '123456', vip3.get_vip().uuid, [first_zstack_cidrs])
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip))
if not test_lib.lib_check_ping(vm1.vm, vm3.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco2_ip, mevoco1_ip))
if not test_lib.lib_check_ping(vm3.vm, vm1.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco2_ip, mevoco1_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
ipsec_ops.delete_ipsec_connection(ipsec1.uuid)
ipsec_ops.delete_ipsec_connection(ipsec3.uuid)
if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail('vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip))
if test_lib.lib_check_ping(vm1.vm, vm3.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail('vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail('vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip))
if test_lib.lib_check_ping(vm3.vm, vm1.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail('vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_lib.lib_error_cleanup(test_obj_dict1)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
ipsec_ops.delete_ipsec_connection(ipsec2.uuid)
ipsec_ops.delete_ipsec_connection(ipsec4.uuid)
test_lib.lib_error_cleanup(test_obj_dict2)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_pass('Create Ipsec Success')
def check(self):
super(pf_checker, self).check()
test_result = True
try:
test_vip = test_lib.lib_get_vip_by_uuid(self.test_obj.get_vip().uuid)
except:
test_util.test_logger('Check Result: [vip:] %s is not exist' % self.test_obj.get_vip().uuid)
self.test_obj.update()
return self.judge(False)
if not self.test_obj.get_pf_list():
test_util.test_logger('Check Result: [vip:] %s is not attached to any pf.' % self.test_obj.get_vip().uuid)
self.test_obj.update()
return self.judge(False)
vip = self.test_obj.get_vip()
vipIp = vip.ip
all_ports = port_header.all_ports
pf_running_list = self.test_obj.get_pf_list_for_running_vm()
pf_tcp_list, pf_udp_list = self.separate_tcp_udp_list(pf_running_list)
pf_tcp_dict = self.gen_tcp_dict_by_allowed_cidr(pf_tcp_list)
pf_stopped_list = self.test_obj.get_pf_list_for_stopped_vm()
pf_detached_list = self.test_obj.get_detached_pf_list()
vip_l3 = self.test_obj.get_vip().l3NetworkUuid
if not pf_running_list:
# all ports should be denied, since no living vm.
for pf in pf_stopped_list:
test_result = self.check_denied_pf(pf)
if test_result != self.exp_result:
return self.judge(test_result)
for pf in pf_detached_list:
test_result = self.check_denied_pf(pf)
if test_result != self.exp_result:
return self.judge(test_result)
else:
#open TCP ports for living vms
for pf in pf_tcp_list:
target_vm = pf.get_target_vm().vm
vm_l3 = test_lib.lib_get_nic_by_uuid(pf.get_port_forwarding().vmNicUuid).l3NetworkUuid
test_lib.lib_open_vm_listen_ports(target_vm, all_ports, vm_l3)
#calc allowed ports, per allowed_cidr
for allowed_vr_ip, pf_dict_list in pf_tcp_dict.iteritems():
allowed_ports = []
denied_ports = all_ports
#find all pf rules on running vm. These rules are supposed to be connectable, unless they are blocked by target vm's sg.
allowed_ports, denied_ports = \
self.count_pf_allowed_denied_ports(
pf_dict_list,
allowed_ports,
denied_ports)
#although the target_vm might be different, but the denied_vr_vm should be same.
target_vm_nic_uuid = pf_dict_list[0].get_port_forwarding().vmNicUuid
allowed_vr_vm, denied_vr_vm = \
self.get_allowed_denied_vr_vm(allowed_vr_ip, target_vm_nic_uuid)
denied_vr_ip = test_lib.lib_find_vr_pub_ip(denied_vr_vm)
try:
test_lib.lib_check_ports_in_a_command(allowed_vr_vm, allowed_vr_ip, vipIp, allowed_ports, denied_ports, target_vm)
except:
traceback.print_exc(file=sys.stdout)
test_util.test_logger("Catch failure when checking [vip:] %s Port Forwarding TCP [rules] for allowed Cidr: %s from [vm:] %s . " % \
(vip.uuid, allowed_vr_ip, allowed_vr_vm.uuid))
test_result = False
if test_result != self.exp_result:
return self.judge(test_result)
if test_result != self.exp_result:
return self.judge(test_result)
test_util.test_logger("Checking pass for [vip:] %s Port Forwardings TCP rules for allowed Cidr: %s from [vm:] %s " % \
(vip.uuid, allowed_vr_ip, allowed_vr_vm.uuid))
#check denied vr access.
allowed_ports = []
denied_ports = all_ports
#the denied vr might be in other pf rule.
if denied_vr_ip in pf_tcp_dict.keys():
allowed_ports, denied_ports = \
self.count_pf_allowed_denied_ports(
pf_tcp_dict[denied_vr_ip],
allowed_ports,
denied_ports)
try:
test_lib.lib_check_ports_in_a_command(denied_vr_vm, denied_vr_ip, vipIp, allowed_ports, denied_ports, target_vm)
except:
traceback.print_exc(file=sys.stdout)
test_util.test_logger("Catch failure when checking [vip:] %s Port Forwarding TCPs for not allowed Cidr from [vm:] %s" % (vip.uuid, allowed_vr_vm.uuid))
test_result = False
if test_result != self.exp_result:
return self.judge(test_result)
test_util.test_logger("Checking pass for Port Forwarding TCP [rule:] %s for not allowed Cidr from [vm:] %s . All ports should be blocked. " % (vip.uuid, allowed_vr_vm.uuid))
if test_result != self.exp_result:
return self.judge(test_result)
#check pf_udp rule existance.
for pf in pf_udp_list:
test_result = test_lib.lib_check_vm_pf_rule_exist_in_iptables(pf.get_port_forwarding())
test_util.test_logger('Check result: [Port Forwarding] %s finishes UDP rule existance testing' % pf.get_port_forwarding().uuid)
return self.judge(test_result)
test_util.test_logger('Check result: [Port Forwarding] finishes [vip:] %s TCP testing.' % vip.uuid)
return self.judge(test_result)
def check(self):
super(eip_checker, self).check()
try:
test_vip = test_lib.lib_get_vip_by_uuid(self.test_obj.get_vip().uuid)
except:
test_util.test_logger('Check Result: [vip:] %s does not exist' % self.test_obj.get_vip().uuid)
return self.judge(False)
vip = self.test_obj.get_vip()
vipIp = vip.ip
eip_obj = self.test_obj.get_eip()
eip = eip_obj.get_eip()
try:
test_eip = test_lib.lib_get_eip_by_uuid(eip.uuid)
except:
test_util.test_logger('Check Result: [eip:] %s does not exist' % eip.uuid)
return self.judge(False)
if eip_obj.state == eip_header.ATTACHED:
self.vm_nic_uuid = eip.vmNicUuid
self.get_all_available_vr_ip()
all_ports = port_header.all_ports
if not self.vm_nic_uuid:
#eip is not attached
self.set_random_denied_vr()
return self.judge(self.check_eip_denied_tcp())
else:
vm_nic = test_lib.lib_get_nic_by_uuid(self.vm_nic_uuid)
#only open ports when VM is running.
if eip_obj.get_target_vm().state == vm_header.RUNNING:
target_vm = eip_obj.get_target_vm().vm
test_lib.lib_open_vm_listen_ports(target_vm, all_ports, vm_nic.l3NetworkUuid)
else:
self.set_random_denied_vr()
return self.judge(self.check_eip_denied_tcp())
#make sure no any SG rule can impact eip testing.
sg_invs = test_lib.lib_get_sg_invs_by_nic_uuid(self.vm_nic_uuid)
test_result = self.exp_result
if not sg_invs:
#If no SG TCP rules for vm_nic, means all ports are connectable
self.set_random_allowed_vr()
self.denied_vr = None
self.denied_vr_ip = None
self.allowed_ports = all_ports
self.denied_ports = []
test_result = self.check_eip_allowed_tcp()
if test_result != self.exp_result:
return self.judge(test_result)
#if no icmp rule, means ping should be successful
test_result = self.check_eip_icmp(True)
if test_result != self.exp_result:
return self.judge(test_result)
else:
self.calc_sg_tcp_ports(sg_invs)
test_result = self.check_eip_allowed_tcp()
if test_result != self.exp_result:
return self.judge(test_result)
test_result = self.check_eip_denied_tcp()
if test_result != self.exp_result:
return self.judge(test_result)
test_util.test_logger('Checker Result for EIP checker: %s' % test_result)
return self.judge(test_result)
def check(self):
super(pf_checker, self).check()
test_result = True
try:
test_vip = test_lib.lib_get_vip_by_uuid(self.test_obj.get_vip().uuid)
except:
test_util.test_logger('Check Result: [vip:] %s is not exist' % self.test_obj.get_vip().uuid)
self.test_obj.update()
return self.judge(False)
if not self.test_obj.get_pf_list():
test_util.test_logger('Check Result: [vip:] %s is not attached to any pf.' % self.test_obj.get_vip().uuid)
self.test_obj.update()
return self.judge(False)
vip = self.test_obj.get_vip()
vipIp = vip.ip
all_ports = port_header.all_ports
pf_running_list = self.test_obj.get_pf_list_for_running_vm()
pf_tcp_list, pf_udp_list = self.separate_tcp_udp_list(pf_running_list)
pf_tcp_dict = self.gen_tcp_dict_by_allowed_cidr(pf_tcp_list)
pf_stopped_list = self.test_obj.get_pf_list_for_stopped_vm()
pf_detached_list = self.test_obj.get_detached_pf_list()
vip_l3 = self.test_obj.get_vip().l3NetworkUuid
if not pf_running_list:
# all ports should be denied, since no living vm.
for pf in pf_stopped_list:
test_result = self.check_denied_pf(pf)
if test_result != self.exp_result:
return self.judge(test_result)
for pf in pf_detached_list:
test_result = self.check_denied_pf(pf)
if test_result != self.exp_result:
return self.judge(test_result)
else:
#open TCP ports for living vms
for pf in pf_tcp_list:
target_vm = pf.get_target_vm().vm
vm_l3 = test_lib.lib_get_nic_by_uuid(pf.get_port_forwarding().vmNicUuid).l3NetworkUuid
test_lib.lib_open_vm_listen_ports(target_vm, all_ports, vm_l3)
#calc allowed ports, per allowed_cidr
for allowed_vr_ip, pf_dict_list in pf_tcp_dict.iteritems():
allowed_ports = []
denied_ports = all_ports
#find all pf rules on running vm. These rules are supposed to be connectable, unless they are blocked by target vm's sg.
allowed_ports, denied_ports = \
self.count_pf_allowed_denied_ports(
pf_dict_list,
allowed_ports,
denied_ports)
#although the target_vm might be different, but the denied_vr_vm should be same.
target_vm_nic_uuid = pf_dict_list[0].get_port_forwarding().vmNicUuid
allowed_vr_vm, denied_vr_vm = \
self.get_allowed_denied_vr_vm(allowed_vr_ip, target_vm_nic_uuid)
denied_vr_ip = test_lib.lib_find_vr_pub_ip(denied_vr_vm)
try:
test_lib.lib_check_ports_in_a_command(allowed_vr_vm, allowed_vr_ip, vipIp, allowed_ports, denied_ports, target_vm)
except:
traceback.print_exc(file=sys.stdout)
test_util.test_logger("Catch failure when checking [vip:] %s Port Forwarding TCP [rules] for allowed Cidr: %s from [vm:] %s . " % \
(vip.uuid, allowed_vr_ip, allowed_vr_vm.uuid))
test_result = False
if test_result != self.exp_result:
return self.judge(test_result)
if test_result != self.exp_result:
return self.judge(test_result)
test_util.test_logger("Checking pass for [vip:] %s Port Forwardings TCP rules for allowed Cidr: %s from [vm:] %s " % \
(vip.uuid, allowed_vr_ip, allowed_vr_vm.uuid))
#check denied vr access.
allowed_ports = []
denied_ports = all_ports
#the denied vr might be in other pf rule.
if denied_vr_ip in pf_tcp_dict.keys():
allowed_ports, denied_ports = \
self.count_pf_allowed_denied_ports(
pf_tcp_dict[denied_vr_ip],
allowed_ports,
denied_ports)
try:
test_lib.lib_check_ports_in_a_command(denied_vr_vm, denied_vr_ip, vipIp, allowed_ports, denied_ports, target_vm)
except:
traceback.print_exc(file=sys.stdout)
test_util.test_logger("Catch failure when checking [vip:] %s Port Forwarding TCPs for not allowed Cidr from [vm:] %s" % (vip.uuid, allowed_vr_vm.uuid))
test_result = False
if test_result != self.exp_result:
return self.judge(test_result)
test_util.test_logger("Checking pass for Port Forwarding TCP [rule:] %s for not allowed Cidr from [vm:] %s . All ports should be blocked. " % (vip.uuid, allowed_vr_vm.uuid))
if test_result != self.exp_result:
return self.judge(test_result)
#check pf_udp rule existance.
for pf in pf_udp_list:
test_result = test_lib.lib_check_vm_pf_rule_exist_in_iptables(pf.get_port_forwarding())
test_util.test_logger('Check result: [Port Forwarding] %s finishes UDP rule existance testing' % pf.get_port_forwarding().uuid)
return self.judge(test_result)
test_util.test_logger('Check result: [Port Forwarding] finishes [vip:] %s TCP testing.' % vip.uuid)
return self.judge(test_result)
def check(self):
super(eip_checker, self).check()
try:
test_vip = test_lib.lib_get_vip_by_uuid(self.test_obj.get_vip().uuid)
except:
test_util.test_logger('Check Result: [vip:] %s does not exist' % self.test_obj.get_vip().uuid)
return self.judge(False)
vip = self.test_obj.get_vip()
vipIp = vip.ip
eip_obj = self.test_obj.get_eip()
eip = eip_obj.get_eip()
try:
test_eip = test_lib.lib_get_eip_by_uuid(eip.uuid)
except:
test_util.test_logger('Check Result: [eip:] %s does not exist' % eip.uuid)
return self.judge(False)
if eip_obj.state == eip_header.ATTACHED:
self.vm_nic_uuid = eip.vmNicUuid
self.get_all_available_vr_ip()
all_ports = port_header.all_ports
if not self.vm_nic_uuid:
#eip is not attached
self.set_random_denied_vr()
return self.judge(self.check_eip_denied_tcp())
else:
vm_nic = test_lib.lib_get_nic_by_uuid(self.vm_nic_uuid)
#only open ports when VM is running.
if eip_obj.get_target_vm().state == vm_header.RUNNING:
target_vm = eip_obj.get_target_vm().vm
test_lib.lib_open_vm_listen_ports(target_vm, all_ports, vm_nic.l3NetworkUuid)
else:
self.set_random_denied_vr()
return self.judge(self.check_eip_denied_tcp())
#make sure no any SG rule can impact eip testing.
sg_invs = test_lib.lib_get_sg_invs_by_nic_uuid(self.vm_nic_uuid)
test_result = self.exp_result
if not sg_invs:
#If no SG TCP rules for vm_nic, means all ports are connectable
self.set_random_allowed_vr()
self.denied_vr = None
self.denied_vr_ip = None
self.allowed_ports = all_ports
self.denied_ports = []
test_result = self.check_eip_allowed_tcp()
if test_result != self.exp_result:
return self.judge(test_result)
#if no icmp rule, means ping should be successful
test_result = self.check_eip_icmp(True)
if test_result != self.exp_result:
return self.judge(test_result)
else:
self.calc_sg_tcp_ports(sg_invs)
test_result = self.check_eip_allowed_tcp()
if test_result != self.exp_result:
return self.judge(test_result)
test_result = self.check_eip_denied_tcp()
if test_result != self.exp_result:
return self.judge(test_result)
test_util.test_logger('Checker Result for EIP checker: %s' % test_result)
return self.judge(test_result)
def test():
global mevoco1_ip
global mevoco2_ip
global ipsec1
global ipsec2
mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP']
mevoco2_ip = os.environ['secondZStackMnIp']
test_util.test_dsc('Create test vm in mevoco1')
vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1'))
test_obj_dict1.add_vm(vm1)
vm1.check()
vm_nic1 = vm1.get_vm().vmNics[0]
vm_nic1_uuid = vm_nic1.uuid
vm3 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1'))
test_obj_dict1.add_vm(vm3)
vm3.check()
vm_nic3 = vm3.get_vm().vmNics[0]
vm_nic3_uuid = vm_nic3.uuid
pri_l3_uuid1 = vm1.vm.vmNics[0].l3NetworkUuid
vr1 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid1)[0]
l3_uuid1 = test_lib.lib_find_vr_pub_nic(vr1).l3NetworkUuid
vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1)
vip1 = test_stub.get_snat_ip_as_vip(vr1_pub_ip)
vip_uuid = vip1.get_vip().uuid
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid1)
first_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create test vm in mevoco2')
vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName'))
test_obj_dict2.add_vm(vm2)
vm2.check()
pri_l3_uuid2 = vm2.vm.vmNics[0].l3NetworkUuid
vr2 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0]
l3_uuid2 = test_lib.lib_find_vr_pub_nic(vr2).l3NetworkUuid
vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2)
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid2)
second_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_dsc('Create PF in mevoco1')
l3_name = os.environ.get('l3NoVlanNetworkName1')
vr = test_stub.create_vr_vm(test_obj_dict1, l3_name)
l3_name = os.environ.get('l3VlanNetworkName4')
vr = test_stub.create_vr_vm(test_obj_dict1, l3_name)
vr_pub_ip = test_lib.lib_find_vr_pub_ip(vr)
pf_creation_opt1 = PfRule.generate_pf_rule_option(vr_pub_ip, protocol=inventory.TCP, vip_target_rule=Port.rule4_ports, private_target_rule=Port.rule4_ports, vip_uuid=vip_uuid)
test_pf1 = zstack_pf_header.ZstackTestPortForwarding()
test_pf1.set_creation_option(pf_creation_opt1)
test_pf1.create()
vip1.attach_pf(test_pf1)
vip1.check()
test_pf1.attach(vm_nic1_uuid, vm1)
vip1.check()
test_util.test_dsc('Create LB in mevoco1')
lb = zstack_lb_header.ZstackTestLoadBalancer()
lb.create('create lb test', vip1.get_vip().uuid)
test_obj_dict1.add_load_balancer(lb)
vip1.attach_lb(lb)
lb_creation_option = test_lib.lib_create_lb_listener_option(lbl_port = 222, lbi_port = 22)
lbl = lb.create_listener(lb_creation_option)
lbl.add_nics([vm_nic1_uuid, vm_nic3_uuid])
lb.check()
vip1.check()
test_util.test_dsc('Create ipsec in mevoco1')
ipsec1 = ipsec_ops.create_ipsec_connection('ipsec1', pri_l3_uuid1, vip2.get_vip().ip, '123456', vip1.get_vip().uuid, [second_zstack_cidrs])
vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid)
assert "IPsec" in vip1_db.useFor
assert vip1_db.useFor.count("IPsec") == 1
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create ipsec in mevoco2')
ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2, vip1.get_vip().ip, '123456', vip2.get_vip().uuid, [first_zstack_cidrs])
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco2_ip, mevoco1_ip))
# delete ipsec
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
ipsec_ops.delete_ipsec_connection(ipsec1.uuid)
if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail('vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail('vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid)
assert "IPsec" not in vip1_db.useFor
# delete PF
test_pf1.delete()
vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid)
assert "PortForwarding" not in vip1_db.useFor
# delete LB
lb.delete()
vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid)
assert "LoadBalancer" not in vip1_db.useFor
test_lib.lib_error_cleanup(test_obj_dict1)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
ipsec_ops.delete_ipsec_connection(ipsec2.uuid)
vip2.delete()
test_lib.lib_error_cleanup(test_obj_dict2)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_pass('Create multiple service with 1 snat IP Success')
